Basic certifier questions

I’ve bunch of users able connect to my Domino server (very old setup):

User1/OU1/ORG … UserX/OU1/ORG

Now, I’ve created a new OU unit called OU2 and registered a new user:

User2/OU2/ORG

When user want’s to access the server, he receives following error: ‘The Public Key that Is Being Used Does Not Match the One that Was Certified’

There are 2 ‘ORG.id’ certifier files on my server. One very old (year 2004, already expired) and one from january 2007. Both id’s have different ‘key identifiers’.

The OU2 was certified with a second ORG.id (with different ‘key identifier’ as the first one)

How is it possible, that those 2 ‘ORG’ key identifiers are different? Does this mean, that the ‘ORG’ are actually not the same at all?

2.Can I use the second ‘ORG’ certifier to create new OU’s?

Am I doing something wrong during the process of new OU creation?

Thx for your help in advance,

Juraj

Subject: Basic certifier questions

Are you using the Certificate Authority(CA)?

Subject: Basic certifier questions

Did you generate a new root-level certifier in January instead of renewing the old one? That could result in the problems that you are seeing.

Subject: RE: Basic certifier questions

I didn’t generate a new (top-level) certifier id (maybe somebody else did). If I understand it correctly, the ‘key identifier’ should be constant for the certifier id. Is this also true when a certifier id expires and then is renewed?

Subject: RE: Basic certifier questions

I’ve fixed the problem. I’ve had 2 versions of ‘ORG’ certifier id. If I used the second version of the ID to register the OU and then this OU certifier id to register the user, everything was working correctly !!

Thx for help!